Categories
Crypto

Ethereum – a secure Global Computer?

Ethereum is the second biggest cryptocurrency and forms the basis of many other AltCoins. With smart contract functionality, dapps such as DeFi Protocols, DAOs & NFTs are possible but how secure are they?

Ethereum - a Secure Global Computer

What is Ethereum?

A Russian-Canadian computer programmer, Vitalik Buterin, was one of the co-founders of the Ethereum project in 2014 and remains part of the project today.

Ethereum is the community-run technology powering the cryptocurrency, ether (ETH) and thousands of decentralized applications.

ethereum.org

Ethereum is a software platform that is blockchain-based, like most cryptocurrencies, but rather than purely being a store of value, like Bitcoin (BTC), it can be used to build ‘dapps’ (Decentralized Applications).

How does Ethereum work?

Ethereum uses the Ether (ETH) token to power its blockchain. To perform an operation on the Ethereum network the initiator of a request must pay a ‘Gas’ fee, in Ether, for it to be carried out.

Just as with Bitcoin, Ethereum has a network of computers or miners known as ‘nodes’. These nodes perform the necessary calculations to verify transactions, maintain a record of the blockchain, and create new blocks to add to the blockchain.

Smart contracts

Smart contracts are the basis of dapps and are used to automatically execute code, or programs, stored on the blockchain once certain conditions are met. An example of a smart contract is the sending of a cryptocurrency transaction from one address to another on a specified date and time.

This functionality has given rise to an industry of creating Ethereum-based solutions for the following use cases:

  • DeFi – Decentralized Finance provides a more open financial system through solutions that are not restricted to a single website, company or country.
  • DAOs – Decentralized Autonomous Organizations to collaborate and set up online communities with shared goals and pooled funds.
  • NFTs – Non-Fungible Tokens provide a way of representing unique items that can be traded, used as proof of ownership, and create new opportunities for creators.

Ethereum 2.0

Using Ethereum can be expensive due to high gas fees and the processing of transactions can become slow. In order to address these problems, and to make Ethereum more scalable, there is a migration project due to complete by late 2021 called Ethereum 2.0. This project aims to move Ethereum from a Proof Of Work (PoW) to Proof of Stake (PoS) system.

PoW is energy intensive as nodes compete to solve complex calculations as fast as possible in order to be rewarded for their work. PoS works on the basis of work being allocated to nodes based on the amount of Ether that they, or the pool they participate in, have staked.

An interim migration to Ethereum 2.0 was the Ethereum Improvement Proposal (EIP) 1559 which went live in early August 2021. Known as the London hard fork this upgrade aimed to address the way gas fees are calculated. EIP-1559 resulted in a move from an inflationary currency to deflationary one due to part of the Ether gas fees being burned (destroyed) during each transaction. The result of this over time makes ETH become scarcer due to a limited supply much like BTC and hence rise in value which benefits investors.

Is Ethereum secure?

Some of the core security features behind Ethereum include:

  • Censorship resistant – being decentralized makes it almost impossible for any government or company to exert control over Ethereum. This means you can receive payments, and use services on the network, without intervention.
  • Commerce guarantees – customers have a secure, built-in guarantee that funds will only change hands when what was agreed is provided i.e. predefined conditions are met.
  • P2P – money can be moved, and agreements can be made, on a peer-to-peer basis without the need for intermediary companies.
  • Privacy – personal details are not needed to use an Ethereum dapp.

Encryption

Ethereum uses ECDSA (Elliptic Curve Digital Signature Algorithm) for encryption which is the same mechanism as used by Bitcoin – click here to find out more.

ERC-20

Other digital currencies and cryptocurrency solutions that use the Ethereum network, or are built on top of Ethereum platform, use compatible tokens that conform to the ERC-20 standard. Examples of these include ExeedMe (XED), SwissBorg (CHSB), Utrust (UTK) and many more including Non-Fungible Tokens (NFTs).

To a certain degree ERC-20 cryptocurrencies are reliant on Ethereum’s underlying security though this is not entirely the case. This is because these solutions usually have their own websites, dapps, security measures, procedures, potentially less experienced developers, and more. These differences to the underlying Ethereum ecosystem open up vulnerabilities to being exploited by hackers.

Are there dangers using Ethereum?

Potential dangers do exist with using Ethereum, as is the case with Bitcoin and most other cryptocurrencies. In the following section we look at the Risks & Good Practices plus examples of Past Exploits:

Risks & good practices

These are very similar to those of Bitcoin and pretty much any cryptocurrency – click here to find out more.

Past exploits

Whilst Ethereum, and solutions that are layered on top of the platform, are largely secure there have been instances of exploits:

  • $600m in tokens stolen from PolyNetwork (August 10, 2021) – hackers managed to steal more than $600m from the token-swapping platform. PolyNetwork allows tokens to be transferred between the blockchains of Binance Smart Chain, Ethereum, and Polygon. Hackers managed to override the Smart Contract instructions for each of the blockchains diverting the tokens to three separate wallet addresses. Within 48 hours nearly all of the assets were returned. See here for more details.
  • $100m of PAID tokens taken in compromise (March 2021) – a PAID Network smart contract was compromised by exploiting flaws in how it was secured & managed. $100m of PAID tokens were extracted, and a further $3m converted into Ether, by exploiting the private key used to manage the associated smart contract. The attacker destroyed the existing tokens in order to mint new ones. All of this happened in spite of the smart contract having previously undergone an audit. See here for more details.
  • $80m loss of funds from EasyFi (April 2021) – the DeFi protocol, which is powered by the Polygon Network, reported that the private keys to the project’s admin account had been compromised. The EASY tokens were then transferred out of the system to an unknown wallet on the Ethereum network. A $1m reward was offered to the hacker for returning the funds in full. See here for more details.

Further Information

What do you think about the security around Ethereum and its layered solutions? Have you ever lost some Ethereum or ERC-20 based cryptocurrency due to being hacked or cyber crime? If so please comment below.

Leave a Reply